Agentic AI and Autonomous Systems Liability Insurance: What Brokers Need to Know in 2026

Agentic AI — systems that don't just generate text but take autonomous actions in the world — is the liability exposure most commercial insurance brokers have not yet accounted for. A client using ChatGPT to draft marketing copy has a manageable AI risk profile. A client running an AI agent that books freight shipments, executes trades, modifies production code, routes customer service escalations, or submits regulatory filings without human review in the loop has a categorically different exposure. The harm from the second category is not hypothetical output — it is a completed action with real-world consequences, often taken at machine speed, at scale, before anyone can intervene.

Standard policies — E&O, CGL, cyber, tech professional liability — were not written for a world where software autonomously acts on a client's behalf. The coverage gaps are structural, not incidental. For brokers with commercial clients in financial services, professional services, healthcare, logistics, or software development, 2026 is the year to have this conversation proactively — before the first claim arrives.

What "Agentic AI" Means and Why It Changes the Liability Analysis

Traditional AI tools are essentially sophisticated text generators or classifiers. The user remains the actor: they evaluate the AI's output and decide whether to act on it. If an AI drafts a contract clause with a mistake, a human attorney reviewed and accepted it — liability follows the human decision.

Agentic AI systems break that chain. These systems — built on large language models with tool-calling capabilities, memory, and multi-step planning — can be assigned a goal and then autonomously execute a sequence of actions to achieve it: browsing the web, calling APIs, writing and running code, sending emails, making purchases, modifying databases, or interacting with external platforms. The AI's actions are not outputs for a human to review; they are completed operations that may have already triggered downstream effects before anyone realizes something went wrong.

The key underwriting distinction is human-in-the-loop vs. human-out-of-the-loop. Policies drafted for professional services assume a human professional made the decision. Agentic AI operating autonomously removes that assumption entirely.

As of 2026, businesses are deploying agentic AI in commercial settings across several risk categories:

  • Financial operations: AI agents executing trades, rebalancing portfolios, processing payments, managing accounts payable
  • Software development and deployment: AI coding agents (GitHub Copilot Workspace, Devin-class systems) that write, test, and push production code
  • Healthcare administration: AI scheduling and prior authorization agents that make decisions affecting patient care workflows
  • Legal and compliance: AI agents that draft and file regulatory documents, conduct due diligence searches, review contracts for execution
  • Customer operations: AI agents handling customer accounts, processing refunds, modifying service agreements, escalating complaints

Each category presents distinct liability vectors, and the existing insurance market is not uniformly equipped to respond to any of them.

Why Existing Policies Leave Your Clients Exposed

Commercial General Liability

CGL policies cover bodily injury and property damage from a covered occurrence. They were designed for physical torts. Financial losses caused by an AI agent taking an incorrect action — executing the wrong trade, deleting the wrong records, sending a disclosure to the wrong counterparty — are economic losses, not property damage. CGL responds to neither.

Some clients believe their CGL "products and completed operations" coverage would respond if the AI agent is considered a product. It generally will not. The AI agent is typically operated by the client as a service tool, not sold as a product to a third party. And even where a product argument could be made, the "completed operations" framing assumes discrete physical work products — not continuous autonomous operations on networked systems.

Errors and Omissions / Professional Liability

E&O coverage is closer to the right instrument, but it has structural gaps for agentic AI. Most E&O forms cover errors in the performance of professional services as defined in the policy's declarations — specific services the insured firm provides to clients. An AI agent taking autonomous action that falls outside the defined professional service scope (or that a court might characterize as an action of the AI system itself rather than the professional) may not trigger coverage.

More significantly, many E&O carriers have begun adding AI exclusions or automated decision-making exclusions to renewals in 2025 and 2026. These exclusions vary widely in language. Some exclude only fully autonomous decisions without human oversight; others exclude any AI-generated recommendation that leads to a loss, regardless of human involvement. Before assuming an E&O policy covers an AI agent deployment, brokers need to review the specific exclusion language — not assume coverage.

The E&O vs. cyber liability coverage comparison on this site explains the structural coverage gaps in professional liability forms for digital-era risks; the same analytical framework applies to agentic AI, with the added complication that AI agents may create exposures that don't fit cleanly into either bucket.

Cyber Liability

Cyber policies respond to data events: unauthorized access, data breaches, ransomware attacks, system failures. An AI agent taking a harmful autonomous action is generally not a data security event in the cyber policy sense — it is a judgment or operational failure. If an AI agent sends 50,000 incorrect refund notifications, the triggering event is not a breach; it is an operational error. Cyber policies typically will not respond.

There is a potential cyber angle if the AI agent's actions constitute unauthorized access — for example, if the agent exceeds its authorized permissions and accesses data or systems it was not authorized to reach. The emerging ransomware coverage gaps analysis on loss events from compromised AI systems is also relevant here: attackers who compromise an AI agent's API credentials or prompt-inject the agent's instructions can use the agent to take harmful actions within the client's authorized systems, which may or may not trigger cyber coverage depending on policy language.

The Authorization Gap: Who Is Liable When an AI Agent Causes Harm?

The hardest coverage question for agentic AI is liability allocation across the principal chain. Most AI agent deployments involve at least three parties:

  1. The foundation model provider (OpenAI, Anthropic, Google): provides the AI model that powers the agent's reasoning
  2. The application developer / platform operator: builds the agent workflow, defines the tools and permissions, and deploys the system
  3. The end-user business: runs the agent in production for their specific business purpose

When an AI agent causes harm, which party bears the liability? Current tort law provides limited guidance. The agent acts on behalf of the business deploying it — suggesting operator liability under agency law principles. But the business may argue the harm arose from a defect in the underlying model or platform (product liability) or from the platform developer's design choices (professional negligence). The foundation model provider typically limits liability through contract to the platform developer, not the end-user business.

This allocation uncertainty has direct implications for coverage placement:

  • The end-user business (your client) needs coverage for claims alleging they operated an AI agent negligently, with inadequate oversight, or in violation of applicable regulations (increasingly, state AI governance rules and sector-specific requirements)
  • The platform developer needs technology E&O and products liability coverage for claims that their system design caused the harm
  • If your client is also the platform developer — building custom AI agent workflows for their own or client use — they sit in both seats simultaneously

Brokers advising clients who fall in the third category (building proprietary agentic systems) face the most complex placement challenge. They need layered technology E&O, first-party operational loss coverage, and potentially a manuscript endorsement addressing AI-specific autonomous action scenarios.

Regulatory Exposure: The Emerging Agentic AI Compliance Layer

The regulatory environment for agentic AI is developing faster than the insurance market. Several risk areas are generating compliance exposure your clients need to understand:

NAIC AI governance requirements: The NAIC AI Model Bulletin, adopted in 24 states as of early 2026, creates accountability requirements for AI use in insurance — but the compliance framework it signals is influencing AI governance standards more broadly. The NAIC AI Model Bulletin compliance guide covers the current state of these requirements in detail.

Financial services regulators: The SEC, CFTC, and FINRA have each issued guidance or proposed rules on AI use in financial services that implicitly or explicitly address autonomous systems. AI agents taking trading, advisory, or operational actions in financial services create regulatory liability exposure that may not be covered by existing compliance E&O policies.

Healthcare: The HHS Office for Civil Rights has clarified that HIPAA obligations apply to AI systems operating on PHI — including agentic AI. An AI agent accessing patient records to process prior authorizations operates under the same privacy obligations as a human workforce member, and a breach by the agent is a HIPAA breach by the covered entity.

State AI legislation: Colorado, California, and a growing number of states have passed or are advancing AI accountability legislation that applies to "high-risk" automated decision systems — a category that likely encompasses most commercial agentic AI deployments in hiring, lending, and healthcare. These statutes create regulatory investigation and civil penalty exposure.

For clients with AI agent deployments that touch these regulatory areas, coverage for regulatory proceedings and defense costs — whether through specialty tech E&O, cyber, or a dedicated AI liability form — should be part of the conversation.

What the Market Can and Cannot Do Right Now

The specialty insurance market for agentic AI is early-stage but not empty. Brokers should know what is currently available:

Technology E&O with AI endorsements: Several carriers (Beazley, Chubb, Markel, Axis) have developed technology E&O forms with AI-specific endorsements that cover claims arising from AI system errors, including some autonomous systems. These are the most accessible current solution for clients whose AI agent deployment is incidental to a broader technology service offering.

Standalone AI liability: A handful of MGAs and Lloyd's syndicates have introduced standalone AI liability products designed specifically for businesses deploying AI in high-stakes environments. Coverage scope varies significantly. Key variables to evaluate: whether the policy covers autonomous AI actions (not just AI-assisted decisions), how "human oversight" is defined (and whether client processes satisfy that definition), and how the policy handles shared liability across the AI principal chain.

Manuscript endorsements: For larger, more complex agentic AI deployments, a manuscript endorsement to an existing tech E&O, professional liability, or excess policy is often the most precise solution. This requires carrier willingness to engage on manuscript terms and clear documentation of the client's AI governance framework.

Coverage gaps that remain uninsurable: Pure economic loss from AI agent operational errors (not traceable to a specific professional service failure or system defect) remains difficult to place on most existing forms. First-party coverage for business interruption caused by an AI agent's erroneous action — the AI deletes a database, cancels the wrong orders, shuts down the wrong service — may require separate coverage analysis under property or operational risk forms.

The guide to placing AI liability insurance for clients covers the placement process for clients using AI in their operations — the agentic AI context adds complexity in the autonomy and authorization dimensions covered here, but the baseline framework applies.

The Broker's Due Diligence Framework for AI Agent Risk

Before placing or recommending coverage for a client running agentic AI systems, brokers need answers to the following:

System definition: What does the AI agent actually do? What actions can it take autonomously, and which require human approval? What systems does it have access to (APIs, databases, financial accounts, communications platforms)?

Human oversight architecture: Is there a human-in-the-loop checkpoint before consequential actions, or does the agent operate fully autonomously? How are "consequential" actions defined? What monitoring and intervention capabilities exist?

Vendor and platform structure: Is the client using a third-party AI agent platform, building custom agents on a foundation model API, or some combination? Who controls the agent's tool permissions and action scope?

Incident history and near-misses: Has the AI agent taken an unintended action that caused or could have caused harm? What happened and how was it resolved? This history is material for underwriting — and failure to disclose it creates E&O exposure for the broker.

Regulatory status: What industry is the client in, and are there sector-specific AI regulations that apply to their use case? Is the client subject to state AI accountability laws?

Contractual risk allocation: Does the client's vendor contract with their AI platform provider address liability allocation? Are there indemnification provisions, caps, or exclusions that affect the client's net exposure?

This intake process mirrors the approach the broker differentiation strategies guide describes for complex risk consultative selling — the value is not in finding a commodity quote, but in being the advisor who identified the exposure before the claim.

FAQ

What makes an AI "agentic" for insurance purposes?

The key characteristic is autonomous action-taking: the AI can execute operations — making purchases, sending communications, modifying data, calling external APIs, deploying code — without a human approving each step. This contrasts with advisory AI (which generates recommendations for humans to evaluate) and generative AI (which produces content for humans to use). The autonomy and the consequential nature of the actions are what create the insurance coverage gaps.

Does a client's existing E&O policy cover harm caused by their AI agents?

Almost certainly not completely, and possibly not at all. E&O policies cover errors in defined professional services, and many forms now include AI exclusions or automated decision-making exclusions. Whether a specific AI agent deployment is covered depends on the policy's professional services definition, the exclusion language, and the nature of the harm. Brokers should require full E&O policy review before advising clients that their existing coverage is adequate.

Is the AI vendor (OpenAI, Anthropic, etc.) liable if their model causes the harm?

Foundation model providers generally limit their contractual liability to the direct API customer (the application developer), often capping damages well below potential third-party harm. End-user businesses typically have no direct contractual relationship with the foundation model provider and no easy path to recover from them under current product liability doctrine. The regulatory and tort framework for foundation model provider liability is unsettled and jurisdiction-dependent.

What should brokers tell clients who say their tech team "has it under control"?

"Under control" for a development team usually means the system works as designed. It does not mean the system's authorized actions are appropriately bounded, that third-party liability exposure is understood, or that a regulatory claim based on what the system is designed to do is impossible. The harm scenario for agentic AI is not always a malfunction — it can be an AI agent doing exactly what it was designed to do in a way that causes unintended harm at scale.

How do I handle a client who operates an AI agent platform for others?

Clients who build and operate agentic AI platforms for other businesses face compounded exposure: their own operational liability plus potential claims from their customers when the platform causes harm. They need technology E&O and products liability coverage with explicit agentic AI scope, plus a careful review of the indemnification provisions in their customer contracts. This is a specialty placement requiring engagement with carriers who underwrite AI-forward technology risk.

Are there policies specifically designed for agentic AI?

Not yet as a distinct, broadly available product class. The most applicable current solutions are technology E&O forms with AI-specific endorsements, specialty AI liability products from a small number of MGAs and Lloyd's syndicates, and manuscript endorsements for complex deployments. The market is actively developing; the ISO and AAIS are both working on standard form language for AI liability, and carrier appetite is expanding for well-governed deployments with documented oversight processes.

What documentation should clients maintain to support an AI liability claim?

Clients should maintain: system architecture documentation (what tools and permissions the AI agent has), human oversight logs (who reviewed what and when), incident logs (any unintended actions, near-misses, or errors), vendor contracts and SLAs, and training/configuration records showing how the agent's behavior was specified. The same documentation that supports a regulatory response also supports an insurance claim.

Arvori helps CPAs and insurance brokers work together to identify client exposures before they become claims. For complex agentic AI risk assessments, connecting your clients' insurance coverage to their technology governance frameworks is an area where professional collaboration adds real value.